Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

79 advisories

Loading
Jenkins SCTMExecutor Plugin stores credentials in plain text Moderate
CVE-2019-16568 was published for hudson.plugins.sctmexecutor:SCTMExecutor (Maven) May 24, 2022
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form Low
CVE-2019-16545 was published for org.jenkins-ci.plugins:qmetry-for-jira-test-management (Maven) May 24, 2022
Jenkins SourceGear Vault plugin transmits credentials in plain text High
CVE-2019-10435 was published for org.jenkins-ci.plugins:vault-scm-plugin (Maven) May 24, 2022
Cleartext Transmission of Sensitive Information in Apache MINA High
CVE-2019-0231 was published for org.apache.mina:mina-core (Maven) May 24, 2022
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form Low
CVE-2019-10411 was published for com.inedo.proget:inedo-proget (Maven) May 24, 2022
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information Low
CVE-2019-10412 was published for com.inedo.proget:inedo-proget (Maven) May 24, 2022
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields Low
CVE-2019-10397 was published for org.jenkins-ci.plugins:aqua-serverless (Maven) May 24, 2022
andrewpollock
Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields Moderate
CVE-2019-10391 was published for com.hcl.security:ibm-application-security (Maven) May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin Moderate
CVE-2019-10370 was published for org.jenkins-ci.plugins:mask-passwords (Maven) May 24, 2022
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10363 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Potentially compromised builds High
CVE-2019-10249 was published for org.eclipse.xtend:org.eclipse.xtend.core (Maven) May 24, 2022
Setuptools vulnerable to Man-in-the-middle attacks High
CVE-2013-1633 was published for setuptools (pip) May 17, 2022
Missing certificate validation in Apache JMeter Critical
CVE-2018-1297 was published for org.apache.jmeter:ApacheJMeter (Maven) May 13, 2022
TYPO3 Information Disclosure Vulnerability Moderate
CVE-2017-6370 was published for typo3/cms (Composer) May 13, 2022
Insecure transport protocol in Gradle Moderate
CVE-2019-11065 was published for org.gradle:gradle-core (Maven) May 13, 2022
Cleartext Transmission of Sensitive Information in Apache CXF Moderate
CVE-2014-0035 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials Moderate
CVE-2022-25180 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor" Moderate
CVE-2020-29662 was published for github.com/goharbor/harbor (Go) Feb 12, 2022
User passwords transmitted in plain text by Jenkins Active Directory Plugin Moderate
CVE-2022-23105 was published for org.jenkins-ci.plugins:active-directory (Maven) Jan 13, 2022
NotMyFault
Source code is downloaded over cleartext HTTP in portaudio Moderate
CVE-2016-10933 was published for portaudio (Rust) Aug 25, 2021
Missing encryption in Apache Directory Studio High
CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) Aug 9, 2021
Pgsync Contains Cleartext Transmission of Sensitive Information High
CVE-2021-31671 was published for pgsync (RubyGems) Apr 27, 2021
Remote Code Execution and download tracking in Mintegral SDK Moderate
CVE-2020-7744 was published for com.mintegral.msdk:alphab (Maven) Apr 22, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka High
CVE-2019-12399 was published for org.apache.kafka:kafka (Maven) May 12, 2020
Missing Encryption of Sensitive Data in yarn High
CVE-2019-5448 was published for yarn (npm) Jul 31, 2019
ProTip! Advisories are also available from the GraphQL API